<?php
/* --------------------------------------------------------------
   guestbook.php 2009-07-15 mb
   Gambio GmbH
   http://www.gambio.de
   Copyright (c) 2009 Gambio GmbH
   Released under the GNU General Public License (Version 2)
   [http://www.gnu.org/licenses/gpl-2.0.html]
   --------------------------------------------------------------
*/
?><?php

if(defined('_GM_VALID_CALL') === false) die('x0');

require_once (DIR_FS_INC.'xtc_random_charcode.inc.php');

// create smarty elements
$smarty = new Smarty;

if($_GET['check'] == '1'){
	$errors = '';
	
	// name and message exist?
	if(empty($_GET['name']) || empty($_GET['message'])){
		$errors .= GM_GUESTBOOK_ERROR . '<br /><br />';
	}
	
	// vvcode check
	if(strtoupper($_GET['vvcode']) != $_SESSION['vvcode'] && gm_get_conf('GM_GUESTBOOK_VVCODE') == 'true'){
		$errors .= GM_GUESTBOOK_WRONG_CODE . '<br /><br />';
	}
	
	// customers status check
	$gm_check_customers_status = xtc_db_query("SELECT customers_status_id
																							FROM gm_guestbook_customers_status
																							WHERE customers_status_id = '" . $_SESSION['customers_status']['customers_status_id'] . "'
																							LIMIT 1");
	if(xtc_db_num_rows($gm_check_customers_status) == 0) $errors .= GM_GUESTBOOK_CUSTOMER_STATUS_ERROR . '<br /><br />';
	
	// spam protection time limit
	$gm_get_last_date = xtc_db_query("SELECT unix_timestamp(date) AS date 
																		FROM gm_guestbook 
																		WHERE ip = '" . $_SERVER['REMOTE_ADDR'] . "'
																		ORDER BY date DESC
																		LIMIT 1");
	if(xtc_db_num_rows($gm_get_last_date) == 1){
		$row = xtc_db_fetch_array($gm_get_last_date);
		// spam protection time limit check
		if(time() - $row['date'] < gm_get_conf('GM_GUESTBOOK_WAITING_TIME') * 60){
			$errors .= GM_GUESTBOOK_WAITING_TIME_ERROR . '<br /><br />';
		}
	}
	
	// blacklist check
	$gm_blacklist_words = explode(',', gm_get_conf('GM_GUESTBOOK_BLACKLIST'));
	$blacklist_hit = false;
	for($i = 0; $i < count($gm_blacklist_words); $i++){
		if(trim($gm_blacklist_words[$i]) != ''){
			if(stristr($_GET['message'], trim($gm_blacklist_words[$i]))) $blacklist_hit = true;
		}
	}
	if($blacklist_hit) $errors .= GM_GUESTBOOK_BLACKLIST_ERROR . '<br /><br />';
	
	$visual_verify_code = xtc_random_charcode(6);
	$_SESSION['vvcode'] = $visual_verify_code;
	
	echo $errors;
}
elseif(isset($_GET['name'])){
	// prepare entry
	$message = urldecode($_GET['message']);
	$message = htmlentities($message);
	$message = gm_prepare_string($message);
	$message = str_replace('%u20AC', '&euro;', $message);
	$activated = 0;
	if(gm_get_conf('GM_GUESTBOOK_ACTIVATE_ENTRIES') == 'false') $activated = 1;
	// add entry
	xtc_db_query("INSERT INTO gm_guestbook
								SET date = NOW(),
										name = '" . xtc_db_input(htmlentities(urldecode($_GET['name']))) . "',
										email = '" . xtc_db_input(urldecode($_GET['email'])) . "',
										homepage = '" . xtc_db_input(urldecode($_GET['homepage'])) . "',
										message = '" . xtc_db_input($message) . "',
										ip = '" . $_SERVER['REMOTE_ADDR'] . "',
										activated = '" . $activated . "'");
	
	if(gm_get_conf('GM_GUESTBOOK_SEND_MAIL') == 1) xtc_php_mail(STORE_OWNER_EMAIL_ADDRESS, STORE_NAME, STORE_OWNER_EMAIL_ADDRESS, STORE_NAME, '', STORE_OWNER_EMAIL_ADDRESS, STORE_NAME, '', '', GM_GUESTBOOK_NEW_ENTRY_MAIL_SUBJECT, htmlentities(urldecode($_GET['name'])) . nl2br(htmlentities(GM_GUESTBOOK_NEW_ENTRY_MAIL)), urldecode($_GET['name']) . GM_GUESTBOOK_NEW_ENTRY_MAIL);	
}

if(!isset($_GET['check'])){
	$entries = array();
	if(is_numeric($_GET['limit'])) $limit = (int)$_GET['limit'];
	else $limit = 0;
	
	if(isset($_SESSION) && $_SESSION['customers_status']['customers_status_id'] == '0'){
		
		if(!empty($_GET['delete']) && is_numeric($_GET['delete'])){
			xtc_db_query("DELETE FROM gm_guestbook
										WHERE gm_guestbook_id = '" . (int)$_GET['delete'] . "'");
		}
		elseif(!empty($_GET['activate']) && is_numeric($_GET['activate'])){
			xtc_db_query("UPDATE gm_guestbook
										SET activated = 1
										WHERE gm_guestbook_id = '" . (int)$_GET['activate'] . "'");
		}
		elseif(!empty($_GET['deactivate']) && is_numeric($_GET['deactivate'])){
			xtc_db_query("UPDATE gm_guestbook
										SET activated = 0
										WHERE gm_guestbook_id = '" . (int)$_GET['deactivate'] . "'");
		}
		
		$cnt_entries = xtc_db_query("SELECT
																	count(gm_guestbook_id) AS cnt
																FROM gm_guestbook");
		
		$smarty->assign('ADMIN', true);
		$get_entries = xtc_db_query("SELECT
																	gm_guestbook_id,
																	unix_timestamp(date) AS date,
																	name,
																	email,
																	homepage,
																	message,
																	ip,
																	activated
																FROM gm_guestbook
																ORDER BY date DESC
																LIMIT " . $limit . ", " . gm_get_conf('GM_GUESTBOOK_ENTRIES_LIMIT') . "");
	}
	else{
		$smarty->assign('ADMIN', false);
		$cnt_entries = xtc_db_query("SELECT
																	count(gm_guestbook_id) AS cnt
																FROM gm_guestbook
																WHERE activated = '1'");
		
		$get_entries = xtc_db_query("SELECT
																	gm_guestbook_id,
																	unix_timestamp(date) AS date,
																	name,
																	email,
																	homepage,
																	message,
																	ip,
																	activated
																FROM gm_guestbook
																WHERE activated = '1'
																ORDER BY date DESC
																LIMIT " . $limit . ", " . gm_get_conf('GM_GUESTBOOK_ENTRIES_LIMIT') . "");
	}
	while($row = xtc_db_fetch_array($get_entries)){
		if(substr_count($row['homepage'], 'http://') == 0 && !empty($row['homepage'])) $homepage = 'http://' . $row['homepage'];
		else $homepage = $row['homepage'];
		$entries[] = array('ID' => $row['gm_guestbook_id'],
												'DATE' => date("d.m.Y H:i", $row['date']),
												'NAME' => strip_tags($row['name']),
												'EMAIL' => htmlentities($row['email']),
												'HOMEPAGE' => htmlentities($homepage),
												'MESSAGE' => strip_tags($row['message']),
												'IP' => $row['ip'],
												'ACTIVATED' => $row['activated']);
	}
	$smarty->assign('entries', $entries);
	
	$row = xtc_db_fetch_array($cnt_entries);
	if($limit > 0){
		$back = $limit - gm_get_conf('GM_GUESTBOOK_ENTRIES_LIMIT');
		if($back < 0) $back = 0;
	}
	if($limit + gm_get_conf('GM_GUESTBOOK_ENTRIES_LIMIT') < $row['cnt']){
		$next = $limit + gm_get_conf('GM_GUESTBOOK_ENTRIES_LIMIT');
	}
	$pages = ceil($row['cnt'] / gm_get_conf('GM_GUESTBOOK_ENTRIES_LIMIT'));
	$page = $limit / gm_get_conf('GM_GUESTBOOK_ENTRIES_LIMIT') + 1;
	$smarty->assign('BACK', $back);
	$smarty->assign('NEXT', $next);
	$smarty->assign('FIRST', (($page - 1) * gm_get_conf('GM_GUESTBOOK_ENTRIES_LIMIT')) + 1);
	$gm_guestboog_last = $page * gm_get_conf('GM_GUESTBOOK_ENTRIES_LIMIT');
	if($gm_guestboog_last > $row['cnt']) $gm_guestboog_last = $row['cnt'];
	$smarty->assign('LAST', $gm_guestboog_last);
	$smarty->assign('ALL', $row['cnt']);
	
	$navigation = array();
	for($i = 0; $i < $pages; $i++){
		$navigation[] = array('PAGE' => $i + 1, 'LIMIT' => $i * gm_get_conf('GM_GUESTBOOK_ENTRIES_LIMIT'));
	}
	$smarty->assign('navigation', $navigation);	
	$smarty->assign('PAGE', $page);
	
	$smarty->assign('ENTRIES', GM_GUESTBOOK_ENTRIES);
	$smarty->assign('TO', GM_GUESTBOOK_TO);
	$smarty->assign('OF', GM_GUESTBOOK_OF);
	
	$gm_guestbook_entries = $smarty->fetch(DIR_FS_CATALOG . 'templates/' . CURRENT_TEMPLATE . '/module/gm_guestbook_entries.html');
	
	if($row['cnt'] > 0) echo $gm_guestbook_entries;
}
?>